Skip to content

chore: VPC Landingzone and SAP HANA in one click #873

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 33 commits into from
Oct 11, 2025
Merged

chore: VPC Landingzone and SAP HANA in one click #873

Show file tree
Hide file tree
Changes from 12 commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
2efc0d6
VPC Landingzone and SAP HANA in one click
tripan27 Sep 25, 2025
d61b9cd
feat: VPC Landing Zone and SAP HANA one-click deployment(address code…
tripan27 Sep 25, 2025
5198c78
refactor: vars
surajsbharadwaj Sep 25, 2025
2a7d7e1
Revert "refactor: vars"
surajsbharadwaj Sep 25, 2025
9eb4888
refactor: fix catalog json, reorg vars, remove dns var, invalid count…
surajsbharadwaj Sep 26, 2025
c19115a
chore: code change only for sap-ready-to-go, pending (sap-s4hana-bw4h…
tripan27 Oct 7, 2025
e0f453a
Update modules/pi-sap-system-type1/main.tf
tripan27 Oct 7, 2025
807f05d
Update modules/pi-sap-system-type1/main.tf
tripan27 Oct 7, 2025
25492f4
Update modules/pi-sap-system-type1/main.tf
tripan27 Oct 7, 2025
d90bc6f
Update modules/pi-sap-system-type1/main.tf
tripan27 Oct 7, 2025
1155c56
Update modules/pi-sap-system-type1/main.tf
tripan27 Oct 7, 2025
ce733b2
Update modules/pi-sap-system-type1/main.tf
tripan27 Oct 7, 2025
ec35565
chore: new end to end solution for sap
tripan27 Oct 10, 2025
9f56e80
chore: new end to end solution for sap
tripan27 Oct 10, 2025
c28fe9a
chore: refer arch updated
tripan27 Oct 10, 2025
865ea8b
chore: fix cra
surajsbharadwaj Oct 10, 2025
49568d6
chore: remove comments
surajsbharadwaj Oct 10, 2025
9b6c464
chore: cleanup
surajsbharadwaj Oct 10, 2025
50a8d21
chore: fix cra
surajsbharadwaj Oct 10, 2025
0b6be31
chore: fix cra prefix
surajsbharadwaj Oct 10, 2025
aa47079
chore(deps): update dependencies
terraform-ibm-modules-ops Oct 11, 2025
736b593
chore: fix cra ansible
surajsbharadwaj Oct 11, 2025
5236b9a
Merge branch 'main' into vpc-and-sap
surajsbharadwaj Oct 11, 2025
30c0cf8
chore: common dev assets
surajsbharadwaj Oct 11, 2025
7818935
chore: update var description
surajsbharadwaj Oct 11, 2025
5a212e1
chore: update var description
surajsbharadwaj Oct 11, 2025
3f231dd
fix: validaion for prefix
surajsbharadwaj Oct 11, 2025
84c1749
fix: validaion for prefix to use lowercase
surajsbharadwaj Oct 11, 2025
2f2873b
fix: refixes, depends_on
surajsbharadwaj Oct 11, 2025
d564833
fix: target ips
surajsbharadwaj Oct 11, 2025
a14824e
fix: validation regex
surajsbharadwaj Oct 11, 2025
5ee6c55
fix: add depends_on
surajsbharadwaj Oct 11, 2025
9354901
chore: change region
surajsbharadwaj Oct 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3,512 changes: 3,509 additions & 3 deletions .secrets.baseline
View file
Open in desktop

Large diffs are not rendered by default.

185 changes: 139 additions & 46 deletions ibm_catalog.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,40 +49,13 @@
{
"label": "SAP ready PowerVS",
"name": "sap-ready-to-go",
"install_type": "extension",
"install_type": "fullstack",
"working_directory": "solutions/ibm-catalog/sap-ready-to-go",
"compliance": {
"authority": "",
"profiles": []
},
"dependencies": [
{
"flavors": [
"standard",
"standard-extend"
],
"id": "2dd486c7-b317-4aaa-907b-42671485ad96-global",
"name": "deploy-arch-ibm-pvs-inf",
"install_type": "fullstack",
"optional": true,
"version": ">=8.0.0"
}
],
"configuration": [
{
"key": "prerequisite_workspace_id",
"required": true,
"custom_config": {
"config_constraints": {
"catalogID": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc",
"offeringID": "2dd486c7-b317-4aaa-907b-42671485ad96-global",
"versionConstraint": ">=8.0.0"
},
"grouping": "deployment",
"original_grouping": "deployment",
"type": "schematics_workspace"
}
},
{
"key": "powervs_zone",
"type": "string",
Expand Down Expand Up @@ -164,6 +137,19 @@
],
"custom_config": {}
},
{
"key": "powervs_resource_group_name",
"required": true,
"default_value": "",
"custom_config": {
"config_constraints": {
"identifier": "rg_name"
},
"grouping": "deployment",
"original_grouping": "deployment",
"type": "resource_group"
}
},
{
"key": "prefix",
"required": true,
Expand Down Expand Up @@ -202,6 +188,26 @@
"key": "powervs_netweaver_memory_size",
"required": true
},
{
"key": "external_access_ip",
"default_value": "__NULL__",
"required": true
},
{
"key": "powervs_sap_network_cidr",
"required": true
},
{
"key": "ssh_public_key",
"type": "multiline_secure_value",
"display_name": "ssh_public_key",
"required": true,
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"type": "multiline_secure_value"
}
},
{
"key": "ssh_private_key",
"type": "multiline_secure_value",
Expand All @@ -225,20 +231,36 @@
}
},
{
"key": "sap_domain"
"key": "client_to_site_vpn",
"required": true
},
{
"key": "nfs_directory",
"hidden": true
"key": "sap_domain",
"required": true
},
{
"key": "powervs_sap_network_cidr"
"key": "enable_monitoring",
"required": true
},
{
"key": "powervs_hana_instance_name"
"key": "enable_scc_wp",
"required": true
},
{
"key": "powervs_netweaver_instance_name"
"key": "nfs_server_config",
"required": true
},
{
"key": "ansible_vault_password",
"type": "multiline_secure_value",
"required": true,
"default_value": "__NULL__",
"display_name": "ansible_vault_password",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"type": "multiline_secure_value"
}
},
{
"key": "powervs_hana_instance_custom_storage_config",
Expand All @@ -264,6 +286,14 @@
"type": "code_editor"
}
},
{
"key": "vpc_intel_images",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"type": "code_editor"
}
},
{
"key": "powervs_default_sap_images",
"custom_config": {
Expand All @@ -286,37 +316,100 @@
}
},
{
"key": "ansible_vault_password",
"key": "powervs_custom_images",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"type": "code_editor"
}
},
{
"key": "powervs_custom_image_cos_configuration",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"type": "code_editor"
}
},
{
"key": "powervs_custom_image_cos_service_credentials",
"type": "multiline_secure_value",
"display_name": "ansible_vault_password",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"type": "multiline_secure_value"
}
}
],
"outputs": [
},
{
"key": "infrastructure_data"
"key": "tags",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"type": "code_editor"
}
},
{
"key": "access_host_or_ip"
"key": "existing_monitoring_instance_crn"
},
{
"key": "powervs_hana_instance_ips"
"key": "sm_service_plan"
},
{
"key": "powervs_hana_instance_management_ip"
"key": "existing_sm_instance_guid"
},
{
"key": "powervs_netweaver_instance_ips"
"key": "existing_sm_instance_region",
"type": "string",
"default_value": "__NULL__",
"options": [
{
"displayname": "Null",
"value": "__NULL__"
},
{
"displayname": "au-syd",
"value": "au-syd"
},
{
"displayname": "br-sao",
"value": "br-sao"
},
{
"displayname": "ca-tor",
"value": "ca-tor"
},
{
"displayname": "eu-de",
"value": "eu-de"
},
{
"displayname": "eu-gb",
"value": "eu-gb"
},
{
"displayname": "jp-osa",
"value": "jp-osa"
},
{
"displayname": "jp-tok",
"value": "jp-tok"
},
{
"displayname": "us-east",
"value": "us-east"
},
{
"displayname": "us-south",
"value": "us-south"
}
],
"custom_config": {}
},
{
"key": "powervs_netweaver_instance_management_ips"
"key": "powervs_management_network"
},
{
"key": "powervs_lpars_data"
"key": "powervs_backup_network"
}
],
"iam_permissions": [
Expand Down
4 changes: 2 additions & 2 deletions modules/ansible/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ resource "terraform_data" "trigger_ansible_vars" {

resource "terraform_data" "execute_playbooks" {
depends_on = [terraform_data.setup_ansible_host]
count = var.ansible_vault_password != null ? 0 : 1
count = var.ansible_vault_password != "" ? 0 : 1

connection {
type = "ssh"
Expand Down Expand Up @@ -138,7 +138,7 @@ resource "terraform_data" "execute_playbooks" {

resource "terraform_data" "execute_playbooks_with_vault" {
depends_on = [terraform_data.setup_ansible_host]
count = var.ansible_vault_password != null ? 1 : 0
count = var.ansible_vault_password != "" ? 1 : 0

connection {
type = "ssh"
Expand Down
14 changes: 7 additions & 7 deletions modules/ansible/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,29 +63,29 @@ variable "ansible_vault_password" {
description = "Vault password to encrypt ansible variable file for SAP installation. Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]_{|}~."
type = string
sensitive = true
default = null
default = ""
validation {
condition = var.ansible_vault_password == null ? true : (length(var.ansible_vault_password) >= 15 && length(var.ansible_vault_password) <= 100)
condition = var.ansible_vault_password == "" ? true : (length(var.ansible_vault_password) >= 15 && length(var.ansible_vault_password) <= 100)
error_message = "ansible_vault_password needs to be between 15 and 100 characters in length."
}
validation {
condition = var.ansible_vault_password == null ? true : can(regex("[A-Z]", var.ansible_vault_password))
condition = var.ansible_vault_password == "" ? true : can(regex("[A-Z]", var.ansible_vault_password))
error_message = "ansible_vault_password needs to contain at least one uppercase character (A-Z)."
}
validation {
condition = var.ansible_vault_password == null ? true : can(regex("[a-z]", var.ansible_vault_password))
condition = var.ansible_vault_password == "" ? true : can(regex("[a-z]", var.ansible_vault_password))
error_message = "ansible_vault_password needs to contain at least one lowercase character (a-z)."
}
validation {
condition = var.ansible_vault_password == null ? true : can(regex("[0-9]", var.ansible_vault_password))
condition = var.ansible_vault_password == "" ? true : can(regex("[0-9]", var.ansible_vault_password))
error_message = "ansible_vault_password needs to contain at least one number (0-9)."
}
validation {
condition = var.ansible_vault_password == null ? true : can(regex("[!#$%&()*+\\-.:;<=>?@[\\]_{|}~]", var.ansible_vault_password))
condition = var.ansible_vault_password == "" ? true : can(regex("[!#$%&()*+\\-.:;<=>?@[\\]_{|}~]", var.ansible_vault_password))
error_message = "ansible_vault_password needs to contain at least one of the following special characters: !#$%&()*+-.:;<=>?@[]_{|}~"
}
validation {
condition = var.ansible_vault_password == null ? true : can(regex("^[A-Za-z0-9!#$%&()*+\\-.:;<=>?@[\\]_{|}~]+$", var.ansible_vault_password))
condition = var.ansible_vault_password == "" ? true : can(regex("^[A-Za-z0-9!#$%&()*+\\-.:;<=>?@[\\]_{|}~]+$", var.ansible_vault_password))
error_message = "ansible_vault_password contains illegal characters. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]_{|}~"
}
}
Expand Down
2 changes: 1 addition & 1 deletion modules/ansible/versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ terraform {
required_providers {
random = {
source = "hashicorp/random"
version = "3.6.1"
version = "3.7.2"
}
}
}
10 changes: 4 additions & 6 deletions modules/pi-sap-system-type1/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,23 +32,22 @@ The Power Virtual Server for SAP module automates the following tasks:
| <a name="module_ansible_pi_netweaver_secondary_instances_sapmnt_mount"></a> [ansible\_pi\_netweaver\_secondary\_instances\_sapmnt\_mount](#module\_ansible\_pi\_netweaver\_secondary\_instances\_sapmnt\_mount) | ../ansible | n/a |
| <a name="module_ansible_sap_instance_init"></a> [ansible\_sap\_instance\_init](#module\_ansible\_sap\_instance\_init) | ../ansible | n/a |
| <a name="module_configure_scc_wp_agent"></a> [configure\_scc\_wp\_agent](#module\_configure\_scc\_wp\_agent) | ../ansible | n/a |
| <a name="module_pi_hana_instance"></a> [pi\_hana\_instance](#module\_pi\_hana\_instance) | terraform-ibm-modules/powervs-instance/ibm | 2.7.0 |
| <a name="module_pi_hana_instance"></a> [pi\_hana\_instance](#module\_pi\_hana\_instance) | terraform-ibm-modules/powervs-instance/ibm | 2.8.2 |
| <a name="module_pi_hana_storage_calculation"></a> [pi\_hana\_storage\_calculation](#module\_pi\_hana\_storage\_calculation) | ../pi-hana-storage-config | n/a |
| <a name="module_pi_netweaver_primary_instance"></a> [pi\_netweaver\_primary\_instance](#module\_pi\_netweaver\_primary\_instance) | terraform-ibm-modules/powervs-instance/ibm | 2.7.0 |
| <a name="module_pi_netweaver_secondary_instances"></a> [pi\_netweaver\_secondary\_instances](#module\_pi\_netweaver\_secondary\_instances) | terraform-ibm-modules/powervs-instance/ibm | 2.7.0 |
| <a name="module_pi_netweaver_primary_instance"></a> [pi\_netweaver\_primary\_instance](#module\_pi\_netweaver\_primary\_instance) | terraform-ibm-modules/powervs-instance/ibm | 2.8.2 |
| <a name="module_pi_netweaver_secondary_instances"></a> [pi\_netweaver\_secondary\_instances](#module\_pi\_netweaver\_secondary\_instances) | terraform-ibm-modules/powervs-instance/ibm | 2.8.2 |

### Resources

| Name | Type |
|------|------|
| [ibm_pi_network.sap_network](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/pi_network) | resource |
| [time_sleep.wait_1_min](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |

### Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_ansible_vault_password"></a> [ansible\_vault\_password](#input\_ansible\_vault\_password) | Vault password to encrypt OS registration parameters. Only required with customer provided linux subscription (pi\_os\_registration). Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]\_{\|}~. | `string` | `null` | no |
| <a name="input_ansible_vault_password"></a> [ansible\_vault\_password](#input\_ansible\_vault\_password) | Vault password to encrypt OS registration parameters. Only required with customer provided linux subscription (pi\_os\_registration). Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]\_{\|}~. | `string` | `""` | no |
| <a name="input_pi_hana_instance"></a> [pi\_hana\_instance](#input\_pi\_hana\_instance) | PowerVS SAP HANA instance hostname (non FQDN). Will get the form of <var.prefix>-<var.pi\_hana\_instance.name>. Max length of final hostname must be <= 13 characters.'sap\_profile\_id' Must be one of the supported profiles. See [here](https://cloud.ibm.com/docs/sap?topic=sap-hana-iaas-offerings-profiles-power-vs). File system sizes are automatically calculated. Override automatic calculation by setting values in optional 'pi\_hana\_instance\_custom\_storage\_config' parameter. 'additional\_storage\_config' additional File systems to be created and attached to PowerVS SAP HANA instance. 'size' is in GB. 'count' specify over how many storage volumes the file system will be striped. 'tier' specifies the storage tier in PowerVS workspace. 'mount' specifies the target mount point on OS. | <pre>object({<br/> name = string<br/> image_id = string<br/> sap_profile_id = string<br/> additional_storage_config = list(object({<br/> name = string<br/> size = string<br/> count = string<br/> tier = string<br/> mount = string<br/> }))<br/> })</pre> | <pre>{<br/> "additional_storage_config": [<br/> {<br/> "count": "1",<br/> "mount": "/usr/sap",<br/> "name": "usrsap",<br/> "size": "50",<br/> "tier": "tier3"<br/> }<br/> ],<br/> "image_id": "insert_value_here",<br/> "name": "hana",<br/> "sap_profile_id": "ush1-4x256"<br/>}</pre> | no |
| <a name="input_pi_hana_instance_custom_storage_config"></a> [pi\_hana\_instance\_custom\_storage\_config](#input\_pi\_hana\_instance\_custom\_storage\_config) | Custom file systems to be created and attached to PowerVS SAP HANA instance. 'size' is in GB. 'count' specify over how many storage volumes the file system will be striped. 'tier' specifies the storage tier in PowerVS workspace. 'mount' specifies the target mount point on OS. | <pre>list(object({<br/> name = string<br/> size = string<br/> count = string<br/> tier = string<br/> mount = string<br/> }))</pre> | <pre>[<br/> {<br/> "count": "",<br/> "mount": "",<br/> "name": "",<br/> "size": "",<br/> "tier": ""<br/> }<br/>]</pre> | no |
| <a name="input_pi_instance_init_linux"></a> [pi\_instance\_init\_linux](#input\_pi\_instance\_init\_linux) | Configures a PowerVS linux instance to have internet access by setting proxy on it, updates os and create filesystems using ansible collection [ibm.power\_linux\_sap collection](https://galaxy.ansible.com/ui/repo/published/ibm/power_linux_sap/) where 'bastion\_host\_ip' is public IP of bastion/jump host to access the 'ansible\_host\_or\_ip' private IP of ansible node. This ansible host must have access to the power virtual server instance and ansible host OS must be RHEL distribution. | <pre>object(<br/> {<br/> enable = bool<br/> bastion_host_ip = string<br/> ansible_host_or_ip = string<br/> ssh_private_key = string<br/> custom_os_registration = optional(object({<br/> username = string<br/> password = string<br/> }))<br/> }<br/> )</pre> | n/a | yes |
Expand All @@ -70,7 +69,6 @@ The Power Virtual Server for SAP module automates the following tasks:
| <a name="output_access_host_or_ip"></a> [access\_host\_or\_ip](#output\_access\_host\_or\_ip) | Public IP of Provided Bastion/JumpServer Host |
| <a name="output_pi_hana_instance_ips"></a> [pi\_hana\_instance\_ips](#output\_pi\_hana\_instance\_ips) | All private IPS of HANA instance |
| <a name="output_pi_hana_instance_management_ip"></a> [pi\_hana\_instance\_management\_ip](#output\_pi\_hana\_instance\_management\_ip) | Management IP of HANA Instance |
| <a name="output_pi_hana_instance_sap_ip"></a> [pi\_hana\_instance\_sap\_ip](#output\_pi\_hana\_instance\_sap\_ip) | SAP IP of PowerVS HANA Instance |
| <a name="output_pi_lpars_data"></a> [pi\_lpars\_data](#output\_pi\_lpars\_data) | All private IPS of PowerVS instances and Jump IP to access the host. |
| <a name="output_pi_netweaver_instance_ips"></a> [pi\_netweaver\_instance\_ips](#output\_pi\_netweaver\_instance\_ips) | All private IPS of NetWeaver instances |
| <a name="output_pi_netweaver_instance_management_ips"></a> [pi\_netweaver\_instance\_management\_ips](#output\_pi\_netweaver\_instance\_management\_ips) | Management IPS of NetWeaver instances |
Expand Down
Loading